On (23/06/05 09:53), Oliver Elphick wrote: > We get a number of spam mails and viruses sent to us with the sender > address spoofed to appear to be from our domain. These get bounced for > the appropriate reason (unrouteable address, spam, etc) but if the mail > got routed through our ISP, the ISP sends the bounce straight back to me > because they think the sender is me (though the received headers show > the originating machine is in another domain). > > For example, here is an unwanted bounce message that has come back to > me; the original message was sent from 203.101.34.73, which claimed to > be lfix.co.uk, but isn't, of course: > ======================================================================== > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) failed: > > [EMAIL PROTECTED] > SMTP error from remote mailer after RCPT TO:<[EMAIL PROTECTED]>: > host mailgate.lfix.co.uk [80.177.205.209]: 550 unknown user > > ------ This is a copy of the message, including all the headers. ------ > > Return-path: <[EMAIL PROTECTED]> > Received: from [203.101.34.73] (helo=lfix.co.uk) > by relay-1.mail.demon.net with esmtp id 1DlJws-0002cD-O7 > for [EMAIL PROTECTED]; Thu, 23 Jun 2005 05:08:23 +0000 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Your Account is Suspended For Security Reasons > ======================================================================== > > So if I get a bad email that purports to come from my domain but in fact > doesn't, I would like to delete it without responding at all, while > still bouncing bad emails that were genuinely sent within the domain. > > Is there a way to configure exim to do this?
Hi Oliver I've setup spamassassin, sa-exim and clamav (daemon). Following the debian.README file for sa-exim, it was relatively straightforward. My setup seems to reject these most of the time with SA permanent reject score of 8 and temporary reject score of 5. I've not seen any false positives. Regards Clive -- www.clivemenzies.co.uk ... ...strategies for business -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
